Microsoft gets all the press for being a reformed monopolist, but in the hoary world of networking, no one has dominated longer or more tenaciously than Cisco Systems. And while Cisco has seen upstart competitors come and mostly go, perhaps none has the chance to up-end the networking giant's comfortable position more than …

But...but....but

IOS and Zos are hardware?

While I don't disagree with the sentiment, your characterization of the issue is improper IMO as most of the major Cisco network issues I have been involved with were probably best described as software problems (something to do with spanning trees a few years back IIRC).

Cisco's gear is very well built, agreed, and in general old style Unix architectures (which is, at heart, what Cisco network gear is AFAIK) are much more resilient than x86 servers - they are also much more expensive. That said, I have seen many examples recently of previously untouchable core tenets of IT being thrown out the window to save money - and it's typically done despite the very valid protests of their subject matter experts.

Re: What?

Are you trying to say that IOS is not Unix based somewhere way back in the day?

Last time I logged into a Cisco router - which has been more than 10 years FWIW - it looked like a duck, quacked like a duck. Don't get me wrong, it's not a full blown OS but I fail to see how it is substantively different than the pared-down Linux they're embedding in devices these days.

IIRC there was an article here a while back about a high-end, low latency switch vendor (can't recall the name but I think one of the old core Cisco guys founded it) that was using x86 procs and their own custom Linux or BSD distro for their network "hardware". I don't know what type of procs Cisco uses, but there's a CPU of some flavor in there too.

Smoke and mirrors hiding a failparade.

Sounds like a complete and utter fail for Sun to have a "networking enabled" CPU with built-in 10GbE interfaces, and not manage to capitalize on it for years on end. In fact, making use of that facility still requires an *optional* expansion card in the box!

Moving on, while it's entirely possible and in fact not unlikely at all that Vyatta has a point about performance, much of this is smoke and mirrors. For example, as the linked comparison from 2008 implies: Cisco list prices are complete bunk, more so than elsewhere. If you pay that you've been well and truly shafted. Next is that Cisco sells very specialised tools, and that's always a bit on the spendy side. They probably could do a bit better there, so a bit more competition isn't a bad thing. But the price of the hardware is not that important, really.

The real beef isn't in how well the hardware performs at what price. It's in how confident you might be that it won't give up on you. This stuff isn't your average desktop gear; it lives in places more remote than the servers in your datacentre, spread out over more places, and even less accessible. And when they falter there's more pressure to get the thing going again, quickly! That's why you configure the things over boring old serial, simply because that is indestructibly simple. Which again is why I require a hardware serial on the laptop used to configure that sort of thing. So you'd ideally want right exactly another of the same boxes, restore the last known-good config, and off you go. Re-engineering the network _isn't_ something you contemplate in emergencies.

Can this outfit duplicate all that? How are they at technical support, fault-finding, release engineering the software, special needs branches? What about obscure weird parameters that you might someday need to make the network work at all? And so on?

This isn't to say that there isn't a market for this kind of thing. Just that this article doesn't discuss even half the issues that are relevant to running an enterprise network. Vyatta doesn't seem to have that firmly in focus, either. They need to fix that to enable sustainable growth in that market.

investors

Cisco's real problem...

Huawei is right

Huawei is now the number 2 networking vendor in the world. I think that open source competitors are far down the list of problems for Cisco. Even cheap, fast hardware like RouterBoard or integrated solutions like WatchGuard are more of a threat than any open source...

Huawei and HP

Be careful with 3Com

We (Very Large Public Sector Body) were a 3Com house 15 years ago, then they just upped sticks saying that they were getting out of the networking market, and fucked off leaving everyone with an installed 3Com hardware base in the total lurch. No hardware replacements - no support, nothing - fucking twats.

That's when we moved to Cisco, and while expensive it is bomb proof, and when you have a problem on your network that you need to identify, all the tools are there.

I recently helped a friend to troubleshoot an issue on his HP ProCurve based network (granted I'm talking switching now, as opposed to routing). The problem ended up being a misbehaving device that was using another device's MAC address. It took FOUR HOURS to identify the problem and track the bastard down because HP don't think it's important to report MAC FLIP events - something that even the cheapest Cisco switch would do.

Cisco may well be the BORG, and for many of their products I would prefer to stay away (Cisco Works in particular - yuck) but as far as core routing, switching and firewalling goes it will take some serious arguments to tempt us away.

Hello?

This article takes two pages to generate a net loss in information. Let's take just one of the absurdities:

"Networks used to rely on Cisco-proprietary protocols, which were the company's technology lockup. Over time, however, networks shifted to Internet Protocol. Vendor interoperability became the reality."

These are the words of someone who clearly knows nothing about the history of networking, or the fact that Cisco's entire history is based on open standards in general and IP in particular. "Networks used to rely on Cisco-proprietary protocols..." What protocols would those be, exactly?

not to mention...

protocols...

What protocols would those be, exactly?

There is no shortage of proprietary Cisco protocols (EIGRP, ISL, VRRP spring to mind) but they are not *core* networking protocols. You can manage just fine without them, but they provide a means to a) avoid failings of standard protocols and b) lock you in to Cisco hardware.

ISL and HSRP, like Cisco Inline Power, are Pre-Standard Technologies

ISL and HSRP, like Cisco Inline Power, are bad examples. If my memory serves me well they were pre-standard implementations and Cisco contributed significantly to the subsequent standards. Also when the relevant standards were established they were immediately incorporated into IOS for new devices.

All competition to Cisco is welcome if it means lower prices. Price is not the driving factor for most businesses buying Cisco equipment; reliability and confidence is. Brand recognition is also important.

I got lost after the first few paragraphs of the article. Worst written article I have seen in a while. The author really needs to go back to school or to get his/her head clear of whatever he/she is smoking before attempting another article.

@ Ru: You so sure?

1. VRRP is NOT Cisco proprietary (originally RFC 2338). You can lump HSRP and GLBP into that category instead.

2. L2 trunking (ISL) and L3 Routing/Gateway (EIGRP/HSRP) are about as Core as it gets in any network, large or small. What would you define as core otherwise?

3. The "failings" of standard protocols are subjectively debatable, since the network design in use has to account for the behavior of the L2/L3 protocols selected. There's plenty of good and bad designs using standards and vendor-proprietary options.

(untitled)

As someone has previously stated, Cisco are innovators in the networking arena - HSRP came about LONG before the Industry Standard VRRP (in fact VRRP is BASED on HSRP). Plus almost every Cisco L3 device supports VRRP.

GLBP doesn't have an open standard alternative - but you can be sure that if/when one does become available Cisco will support it (and will probably be one of the first to do so).

ISL came about long before 802.1Q and again - dot1Q is supported on every Cisco switch in existence. No one uses ISL anymore.

IGRP came about because RIP was complete crap.

EIGRP is about the only proprietary routing protocol still in use, but that's primarily because it's bloody good! If you did want to interoperate with non-Cisco gear then you would just use OSPF instead.

I don't agree *at all* that Cisco use proprietary protocols as a vendor lock-in mechanism - if that were the case then they wouldn't be on so many of the boards and panels that come up with the Industry Standards in the first place, and they wouldn't support the opposing protocols!!

Go visit BT or C&W or any ISP on the planet and see how many of them don't use Cisco - you will be able to list them all on the back of a postage stamp - and this isn't due to protocol lock-in as they all use BGP!!

Logical Flaws

In reality, Cisco has been conforming to standards because Network Engineers have continually, loudly and constantly demanded standards compliance. We remember multivendor networks and interoperability from the days before Cisco became dominant. Further, as an industry we recognise the power of open standards.

Standards will not be the cause of Cisco's shrinking this year; it's because the company is an unfocused behemoth that is ignoring its core customers while it plays with shiny toys such as videoconferencing and retail cameras.

Managers should be recognising that their engineering staff saved them from second rate technology. A lesson that the storage industry and their poor standards compliance could learn.

Not quite the whole picture...

Cisco Nexus expands the reach of their product range much further than just routing and switching. Even so far as to be able to run Vyatta VMs on Cisco x86 hardware :P

On the flip side, Cisco is treating IPv6 like a toy. Expensive ASA router/firewalls only do IPv6 in software. Nice performance hit there :( Their basic Nexus 1000 doesn't properly do IPv6 on the management interface. C'mon are they serious???!

Seriously, IPv6 is going to boom during the next 24 months as people (esp. ISPs and hosting DCs) rush to make sure the newcomer IPv6 customers can reach them - it's a tactic that's starting to pay off for those of us in the industry who are au fait with IPv6 rollouts and can see the next gold rush. Virtualisation is becoming so easy that MCPs are doing installs and leading edge customers are about ready for their next capex cycle.

not quite right

ASAs are being marketed as routers - or router capable firewalls/VPN endpoints... but their routing capability leaves a lot to be desired.

IPv6 not done properly on Nexus... well, could talk about the fact that it doesn't do IPv6 ACLs (just like the ASAs can't do dynamic IPv6 ACLs)... or could talk about the lack of IPv6 in the mgmt domain.

Why IPv6 in mgmt? What a nice security barrier to only have mgmt access to infrastructure via a private local-scope IPv6 network not routed in the same instance or available anywhere in the customer domain.

Where?

ASAs are NOT being marketed as routers. They're deliberately not being marketed as routers, because Cisco make routers, and they want you to buy both an ASA and a router. Point me towards any marketing where Cisco describe an ASA as a router. The fact their routing leaves something to be desired is entirely predictable, given they're not being sold as a router replacement, and the people who make them make routers. Why sell one box when you can sell two?

Don't count chickens

One thing to be aware of is that Cisco's advanced IOS software is based on QNX. From personal experience, QNX runs just fine on most virtualization frameworks (VirtualBox, VMware, xen, kvm, et al). Don't be surprised if they start selling a virtualized router at some time if they start seeing these things eat into their profits excessively. Cisco may be the 800 lb gorilla of routers, but they can also move fast when it suits them.

Cisco are a mess

Only IOS XR is built on QNX and it's still pretty crap. Normal IOS is a monolithic OS that doesn't even have protected memory, so a crash in BGP can, and has, hosed a complete router. IOS XR just has terrible implementation bugs in a bunch of their protocols. Only did 2 good things with IOS XR.

1) Routing policy language

2) It has VI on it

Every other good feature is a poor reimplementation of JUNOS.

We had 2 CRS-1s running IOS XR in my last job. We needed to reinstall the OS on one because it was so unstable (on Cisco TAC's advice). It is a massive step backwards when my router needs an OS reinstall to fix it; it was like it was running Win95.

IOS XR will never run on a virtual machine, because it is a control plane only, no software forwarding. Plus it's really really slow. Also it runs on PowerPC. Normal IOS runs on a mix of MIPS and ARM, at least last time I looked.

Embedded x86 as the future?

Seems to be the major premise of the article. I see your bloated x86 chips and raise you a cheap as chips ARM or MIPS that does the same job for less power so doesn't need as much cooling, is more resilient and lasts for longer on the battery. As others have noted hardware tolerances can be crucial for networks.

As regards open source, strange to see the article plugging Vyatta but only briefly mentioning Juniper Networks, a staunch supporter of FreeBSD and sponsor IIRC of the initial attempt to virtualise the network stack entirely. What have Juniper done to offend you, Matt? A post that is ostensibly about open source turns into a vendor plug. Whatever the merits of the company or their product this counts as advertising in my book.

Borgasmatron - Think of the kids!

Lack of job security, and time to self-train, and increasingly swift tech and human obsolescence, mean most technology buyers behave like sheep more than most buyers of other products. The buyers tend to be obsolete sooner than their purchases so they buy by brand name.

'Nobody ever got sacked for buying [insert name of monopoly]'.

Legions of workers watch job adverts for signs of what skill is most transferable rather than which technology is best, simply to survive. The Cisco qualified network engineers tend to be the same sort of people who were Microsoft qualified engineers and Novell administrators in an earlier age.

Any technology that becomes so ubiquitous becomes a 'lingua franca' that everyone needs to know whether they want to or not.

So how do you become a monopoly? Buy the potential opposition.

'Cisco kids - any company even slightly related to the Cisco marketplace that can be bought for large amounts of speculative investment debt, happily stripped of assets, and then disposed of'.

It is like being assimilated by Borg using orgasmatrons. They pay off handsomely to creative people creating worthwhile technology, most of whom immediately turn from creators to full-time consumers. What a waste of young lives! You actually see companies prostituting themselves as 'Cisco kids', potential targets for a lucrative takeover, who have no real business plan beyond being attractive to Cisco.

Yeah right... from a 40Watt router to a 500Watt server

From a Vyatta User

We have been using Vyatta on some of our networking equipment for some time and have been really enjoying it. Vyatta has a similar CLI to Cisco IOS equipment and it is relatively easy to switch between the two. I agree that Cisco hardware is not going away anytime soon, especially at the core networking level, but for many small and medium businesses a server with some redundancy (power, drives, etc) running Vyatta can be quite cost effective.

Virtualisation is the problem... as well as the solution

I would guess that Matt is trying to point out that many end users are *already* using virtualisation on x86 hardware... And this is the problem for Cisco.

If you have a physical box running 10 VMs, all of which are talking to one another - how does Cisco manage to monitor that traffic?

All of this traffic remains inside the one physical server - it never goes out to the "real" network - and admins still need to be able to monitor this traffic - hence they are likely to install a VM from this vendor (or another) given that forcing the VMs to send network traffic "off box" is significantly slower.

This then means that the admins have to have *two* sets of management tools/consoles etc - one for their Cisco, and one for this.

Some smaller shops may then choose to drop Cisco, and just go for a virtualised network stack.

If this *is* the case then Cisco either has to a) Create their own VM that works with their existing tools and risk cannibalising some other sales or b) Modify their management tools so it will handle this vendor's stack as well as their own

or c) come up with another business model that I can't think of right now :-)

@DanW

"If you have a physical box running 10 VMs, all of which are talking to one another - how does Cisco manage to monitor that traffic?"

"If this *is* the case then Cisco either has to a) Create their own VM that works with their existing tools and risk cannibalising some other sales"

They're ahead of you here - may I introduce you to the Cisco Nexus 1000v - the V being 'Virtual'..

It appears to run as a virtual machine on VMware and maybe others, replacing the standard switch with one capable of being managed in the same way using the same interface as all other Cisco switches, but able to muck about with networking between VMs where the default virtual switch doesn't. Oh, and it shouldn't cannibalise their other sales too much as it appears to cost almost as much as a real physical switch...

Cisco, my @$$

If you can count 'who is calling me trying to sell net gear lately' I'd say HP is head of the list followed by Huawei then Cisco. Had a CFO recently ask me "why do we buy Cisco gear?" I replied "we don't anymore." He said "good" - end of conversation.

Hmm

HP + 3Com makes for a genuine competitor

We had HP in last week, including a couple of their CTOs and chief technologists, and this was one of their main topics. HP's big push technology wise in the next couple of years is to leverage the investment made in 3Com and really do some damage to Cisco's market share. Some of the stats were very interesting, i.e. Cisco making a 60% odd margin on their kit, with HP coming in at a far more aggressive price point, with on par to better performance than the Cisco equivalent device. If Cisco drop those margins to compete it is going to cause them some real pain.

The 3Com purchase has meant that HP can challenge on every level on the data networking side of things, including the Nexus enterprise kit. The only thing that seemed to be missing was an MDS SAN switch equivalent. Another interesting point was the green credentials of the HP kit, which given the price of energy is only heading one way may make for a compelling case.

For the data centre, which is more my area, I don't see Huawei making a massive impact. I believe this is more the telecoms side of things and I imagine they will be eating into the likes of Nortel and Avaya more so than Cisco?

No Innovation.

HP don't have the same suite of features that Cisco can provide; HSRP, for example, where you can use interface or object tracking for failover, meaning that if a WAN interface drops the kit fails over to the other device, which is the more likely scenario. HP only support VRRP, where the failover will only occur when a heartbeat is lost, i.e. when the device fails, which is less likely than a WAN failure.

Cisco have led and continue to lead in large parts of the networking arena, and as per previous posts many of their proprietary protocols either predate the equivalent standard and form the basis for the new standard, or are dropped by Cisco when a better open standard becomes available (ISL for example).

As for this obsession with performance, many networks that have 1Gb to the access layer, with 10Gb to the distribution/core layer, are massively underutilised; the bottleneck is normally the application servers themselves. Plus having 10Gb throughput on the edge is meaningless when your WAN circuit will only support 100Mb or 1Gb.

Reliability and fast convergence are key, as are flexibility and innovation, and nothing in this article suggests this startup is doing anything more exciting than making cheap routers, and Huawei are already there.
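As an added illustration of the HSRP interface-tracking behaviour the post above describes (this is an example written for this thread, not the commenter's own configuration), here is a Cisco IOS fragment in which the active router's HSRP priority is decremented when its WAN uplink loses line protocol, so the standby peer takes over the virtual gateway even though the active device itself is still up. Interface names, addresses and group numbers are assumed.

```text
! Added example (not from the page): HSRP failover on WAN loss via object tracking.
! Track object 10 follows the line-protocol state of the WAN uplink.
track 10 interface GigabitEthernet0/1 line-protocol
!
! LAN-facing interface. This router is the preferred active gateway
! (priority 110 against the peer's default of 100). When track 10 goes
! down, the priority drops by 20 to 90, which is below the peer's 100,
! so a peer configured with "standby 1 preempt" becomes active for the
! virtual address 192.0.2.1 while this box is still powered and reachable.
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 10 decrement 20
```

The peer needs the same group with preempt enabled for the priority drop to trigger a switchover; "show standby brief" on both routers shows which one is Active after the uplink is pulled.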

pfSense already doing it

HP not really a competitor

Their chipsets are dodgy, esp in low-failure tolerant environments. Their software is incredibly craptastic. I've evaluated them and used them in an attempt to lower the cost of mid-size render farms (15000 nodes) to large render farms (45000 nodes) and found them to be made of fail at every level, access, distribution, and core. Boxes that literally burned up from utilization, to devices that had chronic software problems.

Foundry was better (when HP was reselling Foundry, just because the card firmware tended to be newer and the software updates were more frequent.) However, when it came down to making crap go, we turned to Cisco. For a 15% premium, we either had no downtime, or downtime with very fast turnaround, something that could not be said for either of the above. This also goes for the Nexus line... We've tested them against the competing Foundry devices and Foundry fell on their face doing the same job.

Same deal on the SSL VPN. Juniper/NetScreen has a great product, but it couldn't implement the same applications with the same level of customization... so, out the door. We were given a shit-ton of HP gear that we threw away to _buy_ Cisco gear because the failure rate was so high. The Juniper devices.... Never used, the last guy was fired because he couldn't get SSL VPN going... I spent 2 weeks with Juniper guys on deck... Trying to get their latest greatest switches up and going (massive software/firmware failure) and trying to get my proof of concept going on their device that I put together with my personal ASA.

They left in ignominious failure. We now have 45 new Cisco ASAs, and 6 new Nexus' (Nexi?).

Cisco VSG and Cisco 1000V products show that Cisco is moving in to the VM arena... They may move slowly, but when they get it... they get it solid.

I ran vyatta

for a couple of years. I had uptime going on 470 days before a power failure that lasted longer than the batteries. I was running on a dual core 2.8 GHz Supermicro short depth server with 2 Gbps NICs. It was running two VPN tunnels with some weird routing. It also was serving roaming VPNs using a mixture of PPTP and OpenVPN. It was coupled to stacked D-Link unmanaged switches. It was handling a 5Mbps (burstable to 100) fiber feed to the net. That $600.00 box running a free software stack was recently replaced by a Cisco 2921 and a 3560. It wasn't even breathing hard. For all of the money that was poured into that network when we were taken over, I can't tell the difference. That little box performed just as well as that multi-thousand dollar stack that was just installed. Cisco never has impressed me. It's always been way overpriced and under-performing.